WHITE PAPER Cloud Computing from the Ground Up Cloud Basics and Pragmatic Best Practices for Getting Started July 2010 John Bair, Chief Technology Officer, Ajilitee John Rhoton, Author, Cloud Computing Explained: Implementation Handbook for Enterprises Ajilitee and John Rhoton 2010
Tomorrow s forecast: cloudy with a high chance of value What is cloud computing? The experts disagree on its exact definition, but most concur that it includes the notion of web-based services that are available on demand from an optimized, and highly scalable, service provider. Despite the technical sound of its characterization, it not only has garnered excitement from technologists but also has captured the attention of business leaders around the world. If you read the press, cloud computing has the potential for significant impact on technology, business and may even carry far-reaching economic and political implications. Research from industry analyst firms affirms that corporate investments are increasing in cloud infrastructure, applications and services, keeping IT spending steady despite a less-than-ideal business climate. And a recent Gartner report forecasts the global cloud services market to reach $68.3 billion in 2010, and jumping to $149 billion by 2014, as a testament to the acceleration of cloud adoption by enterprises. But all this doesn t necessarily mean that it is relevant to you and your company. Unless it solves a problem or unleashes a new opportunity that is specific to you, there is no reason to dedicate any of your time or money to it. What problems does cloud computing solve? Before we delve into the analysis of how cloud computing may solve some critical industry needs, let s take a look at how the role of IT is changing. More than ever, CIOs are expected to do more with less and focus on building a better future for their organizations. Priorities and challenges are shifting as IT begins gearing up for a more strategic role instead of a mainly tactical one. In fact, 2010 marks a transition year for CIOs, says Gartner, who aspire to create IT organizations focused on innovation, competitive advantage and customer growth by tapping more collaborative, innovative and emerging technologies and solutions. Despite the grander change in motion, IT still must face a number of plaguing day-to-day limitations that include: Low utilization of servers Power, space, cost constraints Delays in launching new services High overhead in provisioning services and users Unclear value contribution of central IT In order to solve these problems, we ve seen a number of partially interdependent initiatives, such as: Internet delivery: The service is hosted and delivered from a location that belongs to a service provider. This usually has two implications: the service is delivered over the public Internet and the processing occurs outside the company firewall. 2
Elasticity: The inherent scalability of the service provider is made available to the end-user. The model goes much further in providing an elastic provisioning mechanism so that re-sources can be scaled both up and down very rapidly as required. Utility Billing: Fine-grained metering or resource usage, combined with on-demand service provisioning, facilitate a number of options for charging customers. Fees can be levied on a subscription basis or can be tied to actual consumption, or reservation, of resources. Virtualization: Services are usually offered through an abstracted infrastructure. They leverage various virtualization mechanisms and achieve cost optimization through multi-tenancy. Service Delivery: Functionality is available as a service of some form. While there is great variance in the nature of these services, typically the services offer programmatic interfaces in addition to the user interfaces. Universal access: Resource democratization means that pooled resources are available to anyone authorized to utilize them. At the same time, location independence and high levels of resilience allow for an always-connected user experience. Simplified management: Administration is simplified through automatic provisioning to meet scalability requirements, user self-service to expedite business processes and programmatically accessible resources that facilitate integration into enterprise management frameworks. Multi-tenancy: Resources are used by many organizations (tenants) and include mechanisms to protect and isolate each tenant from all others. Pooling resources across customers is an important factor in achieving scalability and cost savings. You can see in the diagram below that there isn t a one-to-one match between the problems and solutions but, collectively, they provide some relief to all the problems identified above. As we mentioned above, experts disagree on the exact definition of the term cloud computing. We use it to characterise the set of tools and techniques that we can use to address some of these IT problems while setting the stage for greater scalability, flexibility, and cost effectiveness benefits that deliver tangible business value. 3
Evolution of technology Cloud computing is an evolution and convergence of several prior technology developments. As such, it is difficult to isolate a single technological trigger. A number of incremental improvements in various areas (such as fine-grained metering, flexible billing, virtualization, broadband, service-oriented architecture and service management) have come together recently. Combined, they enable new business models that can dramatically affect cost and cash flow patterns and are therefore of great interest to the business (especially in a downturn). This convergence effect also has hit a critical threshold by achieving sufficient scale to dramatically reduce prices, thus leading to a virtuous cycle of benefits (cost reduction for customers, profits for providers), exponential growth and ramifications that may ripple across many levels of our lives, including technology, business, economic, social and political dimensions. SPI model One characteristic aspect of cloud computing is a strong focus toward service orientation. It represents such a wide range of heterogeneous services that in practice we find it useful to categorize the services and delivery models and to make it easier to analyze and evaluate how the services can be built into solutions. The most common classification uses the so-called SPI (Software-as-a-Service, Platform-as-a- Service and Infrastructure-as-a-Service) model. Amazon Elastic Compute Cloud (EC2) is a classical example of Infrastructure-as-a-Service (IaaS). Google App Engine is generally considered to be a Platform-as-a-Service (PaaS). And Salesforce.com represents one of the best known examples of Software-as-a-Service (SaaS). As is often the case with classification systems, the lines are not nearly as clear in reality as they may appear on a diagram. There are many services that do not fit neatly into one category or the other. Over time, services may also drift between service types. 4
SPI model Software services represent the actual applications that end users leverage to accomplish their business objectives (or personal objectives in a consumer context). Software services typically involve a browserbased user interface but they may also expose APIs for data loading, extraction and identity management. There are a wide range of domains where you can find SaaS offerings. One of the most popular areas is customer relationship management (Salesforce.com, Netsuite). Desktop productivity (Google Apps, Zoho) is also very common, as well as forms of collaboration (such as conferencing or unified communications). But the list is endless with services for billing, financials (Intuit), legal, human resources (ADP, Workday), backup and recovery (Mozy), and many other domains appearing regularly on the market. Platforms represent frameworks and common functions that the applications can leverage so that they don t need to re-invent the wheel. The offerings often include programming language interpreters and compilers, development environments, and libraries with interfaces to frequently needed functions. There are also platform services that focus on specific components such as databases, identity management repositories or business intelligence systems and make this functionality available to application developers. Some examples: Google App Engine, Microsoft Azure, Force.Com, and Intuit Partner Platform. As the figure above shows, we have divided infrastructure services into three sublevels. We don t mean to imply that they are any more complex or diverse than platform or software services. In fact, they are probably more homogenous and potentially even simpler than the higher tiers. However, they lend themselves well to further segmentation. We suggest that most infrastructure services fall into three categories that build on each other. There are providers of simple co-location (facilities) services. In the basic scenario, the data center owner rents out floor space and provides power and cooling as well as a network connection. The rack 5
hardware may also be part of the service but the owner is not involved in filling the space with the computers or appliances that the customers need. The next conceptual level is to add hardware to the empty rack space. There are hosting services that will provide and install blade systems for computation and storage. The simplest options involve dedicated servers, internal networking and storage equipment that is operated by the customer. Supplementary services In addition to the software and applications that run in the SPI model and support a cloud application in its core functions, there are also a number of challenges that both the enterprise and service provider need to address in order to successfully keep the solution going. Implement - It is necessary to select and integrate all the components into a functioning solution. There are a large and ever increasing number of cloud-based services and solutions on the market. It is no simple task to categorize and compare them. And once that is done, it would be naïve to expect them all to work together seamlessly. The integration effort involves a careful selection of interfaces and configuration settings and may require additional connectors or custom software. Operate - Once the solution has been brought online, it is necessary to keep it running. This means that you need to monitor, troubleshoot and support it. Since the service is unlikely to be completely static, you need to also have processes in place to provision new users, decommission old users, plan for capacity changes, track incidents and implement changes in the service. Control - The operation of a complex set of services can be a difficult challenge. Some of the challenge may be reduced by working with solution providers and outsourcing organizations who take over the operative responsibilities. However, this doesn t completely obviate the need for overseeing the task. It is still necessary to ensure that service expectations are well defined and that they are validated on a continuous basis. 6
Delivery models Distinctions Public: Standard commodity service Private: Internal data center Community: Restricted public offering Partner: Tailored outsourcing contract Hybrid: Combination Cloud delivery options Public clouds In the earliest definitions of cloud computing, the term refers to solutions where resources are dynamically provisioned over the Internet from an offsite third-party provider who shares resources and bills on a fine-grained utility computing basis. This computing model carries many inherent advantages in terms of cost and flexibility, but it also has some drawback in the areas of governance and security. This model has gradually assumed the name of public cloud to differentiate it from the other cloud models described below. Private clouds Many enterprises have looked at ways that they can leverage at least some of the benefits of cloud computing while minimizing the drawbacks by making use of only some aspects of cloud computing. These efforts have led to a restricted model of cloud computing that is often designated as private cloud. The term private cloud is disputed in some circles. Many argue that anything less than a full cloud model is not cloud computing at all, but rather a simple extension of the current enterprise data center. Nonetheless, the term has become widespread. As such, it is useful to also examine enterprise options that also fall into this category. In simple theoretical terms, a private cloud is one that only leverages some of the aspects of cloud computing. It is typically hosted on-premise, scales to only hundreds, or perhaps thousands, of nodes, connected primarily to the using organization through private network links. Since all applications and servers are shared within the corporation, the notion of multi-tenancy is minimized. 7
From a business perspective, you typically also find that the applications primarily support the business but do not directly drive additional revenue. So, the solutions are financial cost centers rather than revenue or profit centers. Public vs. private clouds Given the disparity in descriptions between private and public clouds on topics that seem core to the notion of cloud computing, it is valid to question whether there is actually any commonality at all. The most obvious area of intersection is around virtualization. Since virtualization enables higher degrees of automation and standardization, it is a pivotal technology for many cloud implementations. Enterprises can certainly leverage many of its benefits without necessarily outsourcing their entire infrastructure or running it over the Internet. Depending on the size of the organization, as well as its internal structure and financial reporting, there may also be other aspects of cloud computing that become relevant even in a deployment that is confined to a single company. A central IT department can just as easily provide services on-demand and cross-charge business on a utility basis as could any external provider. The model would then be very similar to a public cloud with the business acting as the consumer and IT as the provider. At the same time, the sensitivity of the data may be easier to enforce and the controls would be internal. A black-and-white distinction between private and public cloud computing may therefore not be realistic in all cases. In addition to the ambiguity in sourcing options mentioned above, other criteria are not binary. For example, there can be many different levels of multi-tenancy. There are also many different options an enterprise can choose for security administration, channel marketing, integration, completion and billing. Some of these may share more similarity with conventional public cloud models while others may reflect a continuation of historic enterprise architectures. 8
What is important is that enterprises must select a combination that not only meets their current requirements in an optimal way, but also offers a flexible path that will give them the ability to tailor the options as their requirements and the underlying technologies change over time. In the short term, many corporations will want to adopt a course that minimizes their risk and only barely departs from an internal infrastructure. However, as cloud computing matures they will want the ability to leverage increasing benefits without redesigning their solutions. This means that they need to carefully design a modular service-oriented architecture with well-defined interfaces that are designed and managed through documented processes, such as ITIL. They need to thoughtfully select infrastructure that supports existing standards and is maximally compatible with public cloud services. And they need to implement secure policies that prevent any interception or misuse of data. Private to public cloud evolution A well-designed private cloud provides flexible options to either externally source future services or, alternatively, offer select internal service to clients to generate additional revenue streams. Partner clouds For the sake of completeness, it is also important to mention that there are more hosting options than internal versus public. It is not imperative that a private cloud be operated and hosted by the consuming organization itself. Other possibilities include co-location of servers in an external data center with, or without, managed hosting services. Outsourcing introduces another dimension. Large IT providers, such as HP Enterprise Services or IBM Global Services, have been in the business of running data center operations for large customers for 9
many years. They can manage these services in their own facilities, on customer premises or on the property of a third party. In some ways, you can consider these partner clouds as another point on the continuum between private and public clouds. Large outsourcers are able to pass on some of their benefits of economy of scale, standardization, specialization and their point in the experience curve. And yet they offer a degree of protection and data isolation that is not common in public clouds. Community clouds In addition to horizontal applications and platforms that can be used by consumers, professionals and businesses across all industries, there are also some cloud services that only target a restricted community of participants. For example, there is increasing talk about vertical solutions that address the needs of companies operating in specific sectors, such as transportation, hospitality or health-care. One area where there has been significant progress is the development of a government cloud. Terremark Worldwide, for example, has opened a cloud computing facility that caters specifically to U.S. government customers and addresses some of their common requirements around security and reliability. It offers extensive physical security ranging from elaborate surveillance, including bombsniffing dogs, to steel mesh under the data center floors. Hybrid clouds The categorization of cloud providers in the previous section into private, partner and public is a great simplification. Not only is there no clear boundary between the three delivery models but it is very likely that customers will not confine themselves to any given approach. Instead you can expect to see a wide variety of hybrid constellations. Cloud benefits There are three primary benefits that cloud computing promises to enterprise customers: cost, agility and focus. They can reduce and simplify their cost structure. They can leverage the elasticity of cloud computing to make their business more agile. And they can take advantage of the fact that they have outsourced some of their IT focus by dedicating their freed resources to activities that improve their core competencies. Cost The most apparent benefits of cloud computing are around cost. There can be a significant reduction in upfront investment since there is no need to purchase extensive hardware infrastructure or software licenses. Instead you can align your costs to actual usage, which means that you can allocate costs to the contributing revenue much more easily and accurately. 10
With traditional solutions, costs aren t aligned with usage You also no longer need to over-provision resources in order to meet spikes in demand. High-end industry server utilization rates currently run at 15-20%. In the cloud, you do not pay for idle capacity that further reduces costs. And finally, some benefits that the providers have acquired in terms of economies of scale and their place on the experience curve will translate into cost savings for the customer. Certainly, the providers will try to retain most of their advantage as profit. But in a competitive environment with other providers, you can also expect some savings to be passed on to customers. Agility A cloud infrastructure adds considerable flexibility and agility to an enterprise architecture. It makes it much easier to roll out new services as they become necessary and to retire old applications when they are no longer needed. There is no need to procure hardware for the former or to cost-effectively dispose of the equipment in the case of the latter. Similarly, a particular service can scale up and down as needed. There are cases where resource demand has spiked ten-fold overnight only to fall back to its original level shortly afterward. The elasticity of a cloud allows the enterprise to exactly match the resources to the demand without overpaying for excess capacity or losing an opportunity to address market demand. The flexibility also facilitates a faster time to market. The usual lead time for procuring necessary equipment can be compressed to a few minutes when resources can be provisioned on demand. Ultimately the speed and reduced commitment also lower barriers to innovation, which can encourage a more agile organizational culture. And finally, a globally replicated cloud facilitates access from any place using any device at any time and therefore contributes to user flexibility and productivity. 11
Focus The fact that some of the IT services are outsourced to a cloud provider reduces the effort and administration that is required by the corporate IT department. These responsibilities extend from user provisioning and support to application management and troubleshooting. Once service evolution is automated, experts can refocus on activities and opportunities that help to solidify the core competencies of the firm. We mentioned in our introductory statements that IT must start building toward a strategic focus. Outsourcing and automating routine functions are essential to supporting this. Concern and risk mitigation The security and risk concerns are probably the best known and most challenging to address. A common obstacle to the adoptions of cloud computing is the fact that the ser-vice provider hosts sensitive data potentially in a multi-tenant environment. The customer must consider the host to be trustworthy enough not to intentionally, or inadvertently, compromise the information. The fact that there is only limited standardization of cloud functionality leads to interoperability barriers, which lock the customer into a given vendor s service. This presents risk if the vendor faces insolvency or if the customer subsequently chooses to switch vendors. A general governance problem can give many customers cause for concern. They have only limited recourse if the system performs unreliably or doesn t scale to their required capacity. For the issues identified above, we can consider several options to reduce, and potentially transfer, the risks. They include: Encryption Supplementary backup Interoperability 12
Multi-sourcing Insure Negotiate contract Monitor contract and other indicators Audit Encrypt Encryption of cloud-stored data helps to mitigate the risk that it will be leaked. However, it needs to be clear that this limits the service of the provider. It cannot offer any high-level integrity checking or assist constructively in the case of electronic discovery unless it also has access to the encryption keys. Generally, an enterprise will prefer the additional responsibility of information management and key management rather than risking the possibility that the key could be compromised. But it is a decision that must be made. Regardless of who performs the encryption, the enterprise must validate that the key manage-ment is handled in accordance with its policies and that the ciphers and key-lengths are sufficiently strong. Supplementary backup In addition to any backups taken by the service provider the enterprise may want a supplementary disaster recovery strategy. The options include: Co-located system that archives all critical information with the cloud service provider Process agreed with service provider to send periodic tape backups of systems to customer Replication from within service to another data center or cloud provider Customer-originated extraction of data from service through available interfaces The decision about which approach to use will depend on the availability of each of the options and also on the amount of data, the price of bandwidth, and the time criticality (both in terms of recovery point objective and recovery time objective) of the data. Maximize interoperability Interoperability is certainly in the interests of the customer. Increased standardization gives the enterprise the flexibility to easily switch from one vendor to another and reduce the risk of lock-in. Unfortunately, the industry is still very immature with regard to standardization particularly with regard to platforms and services. This leaves the enterprise with several options: Encourage open standards. They will not probably reap any short-term benefits but, collectively, enterprises can influence the service providers. Prefer interoperability where possible. As vendors begin to incorporate open standards customers can choose those vendors and options that are as standards-based as possible. 13
Investigate service clones that support the same interfaces. For example, Eucalyptus emulates Amazon Web Services and AppScale duplicates an App Engine environment in a private data center. Develop contingency plans. Backup strategies might include arrangements with providers of similar functionality and transition plans to mi-grate code and data. Multi-source Another option to reduce the dependency on a single vendor is to design solutions that span multiple providers. It is a sledgehammer approach with the potential to be very complex and costly to manage. But that isn t a reason to rule it out completely. It might be considered where dependency on a single provider is not a viable option. There are several modes of multi-sourcing applications: Double-active, replicated: The most efficient, but also most complicated, op-tion is to run both providers in parallel and continuously replicate data between them. This assumes they can both provide the same functionality and there is a means of synchronizing their data. Double-active, independent: A second option is to segment the application, for example by users or products, so that one provider takes care of one segment and another handles the other. There may be inconsistencies in the functionality but that doesn t need to be a problem. For example, certain user groups may need less functionality than others. In the case that one provider service terminates there is still a ramp up on the other provider but an existing agreement and limited experience make it easier than starting back at square one with a search for a new provider. Active/passive: All services may be provided by a single provider with a second in stand-by position only. This means that the customer already has the agreements in place and a contingency plan that can be invoked to switch to the secondary provider if the case arises. At a minimum, the enterprise should be constantly vigilant of the viability of its service providers and monitor its service levels while at the same time keeping a careful eye on the competitive landscape to understand both if there are better options and what it would take to move to another one if needed. Insure Insurance is another risk transfer technique that may be viable. One option that may be available is for the provider to take out an insurance policy covering its assets. If it reveals the details of this policy to the customer then it may appease some solvency concerns. Another alternative would be for the customer to explore trade credit insurance covering the contract with the provider. Provider Negotiation The provider may be open to negotiation on some of these points but since they go against its interest and potentially set a precedent for other customers the case needs to be compelling. A large customer 14
considering a very lucrative contract is likely to have much more leverage than a small firm looking for a loss-leading opportunity. Audits Given the difficulty of an enterprise exhaustively monitoring all provider activity and the practical limitations that a provider cannot offer unfettered access to their operations on a continuous basis, another mechanism to ensure a certain level of reliability is to request audits. If an enterprise has enough clout with the provider they may request to perform an audit themselves but it is much more likely that they will insist on regular 3rd party risk assessments and on-site inspections. It is legitimate for any customer to request clear documentation on risk assessments and audit as well as verifying the frequency of assessments. Design challenges There are numerous technical challenges that an enterprise needs to address if it is considering adopting a cloud model. It is not trivial to integrate the networks in a reliable, scalable and secure fashion. There may be uncontrollable sources of latency or data transfer bottlenecks. It can be difficult to manage the encryption keys needed to protect all channels of communication. It is also a challenge to integrate applications, which may need to connect between organizational boundaries. Again, there are security precautions to consider but there are also more general problems of interoperability and standardization of interfaces. It can be difficult to maintain data integrity when critical parts of typically synchronous activities need to be handled asynchronously. And across these, there are many questions about support in a multi-vendor, multi-provider environment, which can complicate operational processes such as incident management. Key challenges Integration with internal applications User provisioning, identity management federation Implementing reliability, redundancy, availability Assessing and negotiating SLAs Data, application, infrastructure, user migration We find that the biggest cause for failure in cloud computing is underestimating these challenges. Cloud assessment process Most (successful) organizations already have a process in place to continually reassess and refine the corporate strategy. It is important to monitor the competitive landscape and compare company performance with industry benchmarks on a regular basis. 15
This process will uncover certain areas where improvement is needed, or at least desired. Depending on who is performing the exercise, the strategists may or may not consider how cloud computing can play a role in revamping the company strategy. Since cloud computing does have the potential of profound impact at many levels, it is important to ensure that the strategic analysis includes its consideration, ideally by including participants with a sound knowledge of the technology and its implications. Many companies achieve success by bringing together internal stakeholders and outside expertise as an ideal combination for identifying and piloting the opportunities that cloud computing poses for their organizations. Evaluate the components and opportunities A critical part of the early-planning process is to take an inventory of the existing applications, requirements, user groups and infrastructure and perform a survey of the potential service providers on the market. Equipped with this information you can begin to investigate which services are most likely to be relevant to your business in the short term and which providers might best be able to deliver these services. Keep in mind that you don t need to completely overhaul your architecture in one big bang. Many enterprises will adopt a hybrid and flexible sourcing model for some time to come. Modernize the existing infrastructure and assess readiness One of the best ways to prepare for tomorrow is to optimize what you are doing today. As you assess your existing applications and processes for cloud readiness, determine whether any of them are legacy applications that might benefit from a redesign for service orientation. Look at your infrastructure and operational procedures and determine whether you have any opportunities to virtualize, standardize, optimize and automate. It is also helpful to ensure that a systematic and structured approach to service management is in place. ITSM provides the elements for a solid management design that facilitates a flexible and extensible operating model, which will also make it easier to embrace new forms of service delivery. Determine the business case Finally, take a stab at the business case. Even if it isn t compelling yet, you will want to gauge how close you are and what likely changes will make it compelling in the future. Keep in mind that the business case is more than a simple ROI calculation. There are many financial metrics to consider as well as the implications for risk and the ramifications of cloud computing on the competitive environment of your business. 16
We observe the following areas to be of greatest interest to companies, whether they are investigating or implementing: Private Cloud infrastructure Disaster recovery Application development and testing Cloud bursting and hybrid cloud interconnectivity Email and collaboration Desktop virtualization Business intelligence Private Cloud infrastructure: A number of IT organizations already have virtualization initiatives underway and are now defining strategies to build the competencies and implement solutions (technologies and processes) to deliver more of the benefits of cloud computing to their business communities. Disaster recovery: Business continuity and contingency planning has always been a problem for organizations of all sizes. Cloud computing offers new capabilities of elastic storage and/or computing resources to provide off-site archiving and recovery, paying for computing resources only when needed. Application development and testing: Development and testing environments frequently present lower data security risk because many IT organizations already mandate data de-identification for development environments. Cloud computing facilities also enable short-term project environments to be quickly set up, used, and torn down when no longer needed. Cloud bursting and hybrid cloud interconnectivity: For applications that experience seasonal peaks in demand or capacity, turning on additional cloud resources to supplement on-premises servers, with connectivity through virtual private networks, versus buying fixed capacity that sits unused most of the time. 17
Email and collaboration: These are frequently cited examples of a whole series of IT services that provide little differentiation but that must be in place. These utility services may be more cost effectively delivered in the cloud, but require careful planning and migration to prevent service disruption and manage change. Desktop virtualization: Ways to serve the casual or light desktop users from the cloud versus deploying and managing applications and content on desktops and laptops. Business intelligence: Although it may be impractical to implement some of the largest enterprise data warehouses in the cloud, many companies are turning to cloud solutions for analytic databases and managed analytic applications. These are a few of the areas that may warrant discussion or investigation. A cloud opportunity assessment is a sound and recommended first step to decide where to concentrate resources. In closing Cloud computing is an emerging, rapidly evolving field comprising a wide range of services and offerings. Given its benefits and adoption among companies from small to large and those in between, it also represents a new area of great importance to IT. We believe that cloud computing can be a valuable part of your tool set and approach, but organizations must avoid succumbing to hype and do their homework to uncover the specific value it can provide. Implementing the cloud is not trivial. It involves changes to your processes, governance, and enterprise architecture. For this reason, now is the time to start assessing what role the cloud plays in your IT strategy, as it will take time to get where you not only want to be, but must be from a competitive standpoint. 18
References Gartner: Leading in Times of Transition: The 2010 CIO Agenda (Executive Summary), January 2010 Terremark website: http://www.terremark.com/industry-solutions/government/facilities.aspx Information Management online: Cloud Services Market To Hit $149B By 2014, Mel Duvall, June 24 2010. About the Authors John Bair has decades of experience building complex information management systems and is an inventor on six data management patents. Before joining LaunchPoint, John worked as the lead technologist of the Worldwide Information Management (IM) Services practice for Hewlett-Packard, where he was responsible for defining HP s technology strategy, reference architectures, and methodologies for business intelligence and information management services. John previously worked as CTO for Knightsbridge Solutions, a leading BI consultancy, which HP acquired in 2006. There he served as chief architect on enterprise data integration, data warehousing, and business intelligence implementations for Fortune 200 financial services, healthcare, retail, and high tech industries. Previously he served as Principal Engineer and Data Warehouse Architect at Amazon.com, where he created high-performance scalable e-commerce business intelligence systems including Amazon s enterprise data warehouse and analytic services. In 1995, John co-founded Leep Technology, a developer of data mining, customer relationship management, and data warehouse software that was acquired by Amazon.com in 1999. John is a frequent presenter at business intelligence and data warehousing conferences. John Rhoton currently works as an independent strategy consultant assisting multinational corporations in their adoption of emerging technologies. He is a frequent speaker at technical conferences, such as Microsoft Tech Ed, RSA or the HP Technology forum and is widely recognized in the industry as the author of five books, including his most recent title Cloud Computing Explained: Implementation Handbook for Enterprises. His career in IT covers over twenty-five years spread across nine countries on three continents. John s responsibilities have ranged from software engineering, solution architecture and program management to business development and strategic consulting. Until recently, he worked in the Office of the CTO of HP Enterprise Services where he drove initiatives in Technology Strategy, Enterprise Architecture and Business Consulting. In the role of HP Distinguished Technologist, he led the technical strategy for cloud services, virtualization, mobility and next-generation networking and oversaw several key corporate knowledge management and community-building programmes. John holds a Masters degree in Computer Science from the University of Missouri-Rolla and an MBA from Edinburgh Business School. He lives with his family in Vienna, Austria, and is actively engaged with clients around the world. Buy John Rhoton s Cloud Computing Explained: Implementation Handbook for Enterprises online at Amazon.com: http://www.amazon.com/cloud-computing-explained-implementation-enterprises/dp/0956355609 Contact 1701 Golf Road Tower One, Suite 1100 Rolling Meadows, IL 60008 Phone: 224.265.4570 Fax: 224.265.0401 www.ajilitee.com 19